I will teach you a trick. Login with e.g. github. Create a tailnet. Create new user invite link, use it yourself - you can setup login with passkey to this second user. Promote to admin. Leave with your github user. Voila you have an account and tailnet with only passkey, no big brother oauth or anything.
I think browser do not have to be european as long as it is opensource, so Firefox, Librewolf, Brave, Mullvad (swedish) are all great options. As search ecosia worked well for me but I didn't find a way too see their random ads (to support them) with my protections, so I felt like I should not use them. Duck duck go works for me best, I made my piece with that.
I would look into PiHole vs AdGuard home. Lots of people are locked in on PiHole, but they never tried the other and AdGuard is currently more user friendly and easier to use than PiHole. Not starting a flame war here, everyone will have different view, just look at PiHole vs Adguard home and make your own decision (or try both).
I have about 15 trueNAS apps only 2 of them are custom (endurain and molly socket). They are containers but very low effort handled mostly by the system. I also have 3 LXC. And 2 VMs (home assistant and openWRT).
I spend only few minutes a week on maintenance. And then I tinker for several hours a week, testing new apps or enhancing current ones configs.
What is your setup? I have TrueNAS and there I use the apps that are easy to install (and the catalog is not small) and maintain. Basically from time to time I just come and update (one button click). I have networking separate and I had issues with Tailscale for some time, but there I had only 4 services in total, all docker containers and all except the Tailscale straight forward and easy to update. Now I even moved those. One as a custom app to TrueNAS and the rest to proxmox LXC - and that solved my tailscale issue as well. And I am having a good time. But my rule of thumb - before I install anything I ask myself if I REALLY need this, because otherwise I would end up with like a jillion services that are cool, but not really that useful or practical.
I think what I would recommend to you, find platform like TrueNAS, where lots of things is prepared for you and don't bother too much with the custom stuff if you don't enjoy. Also I can recommend having a test rig or VM so that you can always try first, if its easy to install and stable to use. There were occasions when I was trying stuff and it was just bothersome, I had to hack stuff and I was glad in the end I didn't "pollute" my main server with it.
Containers are amazing. But they may not be for everything. It also depends what you mean by containers. In this case I think you mean only docker containers. They are amazing, I love them but they are not the silver bullet. But then if you also think about LXC those two types can cover like 99 % of homelab usecases.
Yeah, I think you either have to use their "external library" feature, which makes immich basically just an image viewer or you have to let immich handle everything but then the filesystem settings are very limited. Sadly there is nothing in between. I opted for the second option. I have the basic storage template (with folders for years, months and days) and I think that is ok by me, but I really wish I could also perma edit the photos.
Fyi you can still do operations on your images on the filesystem (not renaming or moving though), you just have to refresh metadata and thumbnails for that photo (or video) in immich.
I was doing that for the image or video rotations. Its still not very practical to do that, but that is at least something.
Its huge and not huge at the same time. Lots of new stuff, but lots only in some clients.
What disappoints me a bit is the lossless editing. On one hand it is nice feature to have, on the other I want my edits to be permanent. I made Immich to save my images in pre-defined structure so that if immich stops working one day (or if I want to perform batch file operations or whatever) I still have my photos neatly organized. This lossless editing means that the changes will live somewhere in database and not on the actual filesystem. I hope they eventually introduce option to apply on the actual file.
No I don't wanna google or apple device.
I know why is remarkable supposed to be special but after trying it, it is not really that... well.. remarkable.
I will teach you a trick. Login with e.g. github. Create a tailnet. Create new user invite link, use it yourself - you can setup login with passkey to this second user. Promote to admin. Leave with your github user. Voila you have an account and tailnet with only passkey, no big brother oauth or anything.